Powershell: $var[x] returning Character x not Line/Item x?
    Jan 2012
    Powershell: $var[x] returning Character x not Line/Item x?

    Not so long ago a few of you helped me write a script to scan the event log and return the last logged-on users. I'm looking to expand that, given that all I ever do with these results is e-mail them off to the relevant head of department and be done with it. It's not my duty to chase the kids or dish out punishments. So! I figure why not just automate this bit, too?

    Sending an e-mail is rather simple, I've tested it and it works:
    Send-MailMessage -smtpserver 'EMAIL SERVER' -To "HOD" -Cc "ME" -From "ME" -Subject $computername -Body "Blah blah blah"
    Now I'm fairly certain I can find a way to apply variables into that (Already tested with the Subject and that worked). Unfortunately, I'm having a little bit of a struggle cutting down the actual event log so I can assign the required values into a canned e-mail and fire it off with minimal user intervention.
    Since the following line works, I figure I could just use $event.message[12] and work from there:
    $fulllogs += ([string]"Log $count`r`n----------" + $newtime + "----------`r`n" + $event.message + "`r`n" -replace [string]"(?s)Detailed.*key was requested.", "---------- Event message end ----------`r`n`r`n")
    Apparently, however, that doesn't work. Instead of returning " Account Name: $username" (the 13th line) it returns "a" (the 13th character as the event.message always starts with An account was successfully logged on.)

    I can't convert it with [array], I can't grab it with Get-Content, and I can't just directly reference it as $event.message[12] nor System.Diagnostics.Eventing.Reader.EventRecord.Message.. So I'm a little confused as to where to go from here. It feels like I have everything in place except this one problem of character vs line, where, up until now, $var[x] has always returned the line or item.
    Jan 2012
    Aha! Getting somewhere..
    $testvar += $newtime + ([regex]::split($event.message, "`r`n") | Where {$_ -match '	Account Name:		'+ "[0-9a-zA-Z]*"}) + "`r`n"
    Unfortunately, this pulls back two results per event log
    Account Name: MACHINENAME$
    Account Name: USERNAME

    But the machine name always ends in '$' and since I'm explicitly specifying only 0-9, a-z and A-Z (I also tried [[:alnum:]]) so as far as I see, the line with Machinename$ shouldn't be matched. But as far as I'm aware, * means 'zero or more of the previous character', so it should only match zero or more characters that are numbers or letters.

    I've also tried using [^-\$]*, which if I'm right, should be 'any character that is not a - or a $', but it still brings back both lines.

    Gaaaah! >.<

    Woohoo! Figured it out.
    Technically, "LOC-000$" still met the requirements.. It started with Account Name: and then had zero or more characters that were not a dash or a dollar sigh (in this case, L)

    $testvar += $newtime + ([regex]::split($event.message, "`r`n") | Where {$_ -match '	Account Name:		'+ "[^-\$]*$"}) + "`r`n"
    sorted me right
